Fedora Weekly News Issue 172

This week Announcements rubs its hands with glee over the "Fedora 11" freeze. Similarly Artwork enthuses about "Fedora 11 Landing" with great Leonidas themes including a surprise for wide-screen setups. Developments gushes about "Presto and DeltaRPM Status" and SecurityWeek asks the interesting question "Who in the Linux World Would be Responsible for a Worm?". SecurityAdvisories faithfully lists updates that might just help avoid that worm. With a red face we draw your attention with an Erratum to last week's missing QualityAssurance beat. This week's QualityAssurance beat "Test Days" advertizes the upcoming minimal installation testing and reports in "Weekly meetings" that PulseAudio issues with snd-intel-hda and snd-intel8x0 are resolved. Translation reports on the availability of a bulky "Fedora 11 Installation Guide Ready for Translation". The FedoraWeeklyWebcomic joins us again and Ambassadors shares a neat list of LinuxFestNorthWest talks by Fedora folk.

If you are interested in contributing to Fedora Weekly News, please see our 'join' page[1]. We welcome reader feedback: fedora-news-list@redhat.com

Erratum: Missing QualityAssurance Beat in FWN#171

Last week (FWN#171) your painstaking QualityAssurance correspondent, Adam Williamson, wrote a very readable account of the activity around the UEFI BIOS replacement, Graphics-card Metrics and a lot more. Somehow we omitted to include this in the plaintext issue. With apologies to Adam and to our readers we suggest you take a look at our archived web version[1].

Fedora 11

We're getting very close to the Fedora 11 release, and excitement is building.

Jesse Keating[1] announced[2] that we are now frozen for Fedora 11. "We've reached the final freeze, as well as mass branched. From this point on, builds from F-11/ will go to dist-f11-updates-candidate and builds from devel/ will go to dist-f12. dist-f11 itself is locked."

John Poelstra[3] gave a final reminder[4] to feature owners whose features are not at 100%. "Feature freeze has past and the following feature pages still need updates. Some have not been updated for several months. All need to be at 100% completion and their content set to reflect that."

QualityAssurance

Test Days

This week saw two Test Days. The first[1] was a follow-up on the Fedora 11 rewrite of Anaconda's storage device code[2]. The second[3] was on the Presto plugin for yum, which enables the use of deltarpms for updates. The Anaconda test day verified that many issues from the earlier test day had been resolved and turned up several new bugs, many of which have been fixed already. The Presto test day was surprisingly uneventful: there was good participation but few bugs were discovered, the system worked well and reliably for almost every test.

Next week's Test Day[4] will be on the minimal platform feature[5], support for very small minimal installations. This is another test day which will require installation, so if you are interested in taking part, please make sure to have a spare system or partition on which you can install a Rawhide system. Of course, this week it only needs to be small!

Weekly meetings

The QA group weekly meeting[1] was held on 2009-04-15. The full log is available[2]. The group briefly discussed James Laska's plan to improve the customization possibilities for Test Day live CDs. James promised to send a mail to the list regarding his ideas here.

Adam Williamson reported that he had successfully had a post on the Rawhide nss / x86-64 issue added to the rawhidewatch blog[3], run by Warren Togami.

Adam Williamson reported on his progress in evaluating whether important bugs reported in the X driver Test Days are fully represented on the Fedora 11 release blocker bugs list. The nouveau maintainer, Ben Skeggs, has already reviewed all nouveau bugs. Review of intel and radeon bugs are in process together with the regular triagers for these components, Matej Cepl and Francois Cami.

Will Woods provided an update on his progress in checking on PulseAudio's readiness for a Fedora 11 release. He noted that some significant problems remained in two ALSA drivers - snd-intel-hda and snd-intel8x0 - which cause problems in PulseAudio. These drivers are used by a very large amount of current sound hardware. However, patches to fix several problematic cases have been added to the Rawhide kernel recently, and the remaining problems can be worked around if fixes are not integrated prior to release time, so it should be possible to release Fedora 11 with a fairly reliable PulseAudio. The group discussed whether it would make sense to schedule a Test Day for Intel audio chipsets, but concluded it was too close to release time and the Test Day schedule was already too busy to make it practical.

The Bugzappers group weekly meeting[4] was held on 2009-04-14. The full log is available[5]. The meeting opened with a call for the Bugzappers group to be proactive in adding serious bugs to the Fedora 11 Blocker and Target bug lists. Several group members expressed the concern that they would not be able accurately to identify which bugs should be added to the list, so Adam Williamson and James Laska promised to discuss the issue at the next QA meeting and see if there was a way to provide firmer policies and guidance in future.

The group agreed to delegate the creation and organization of a Wiki area covering SOPs (Standard Operating Procedures) to John Poelstra.

The discussion about how long to wait before closing NEEDINFO bugs was resolved by a proposal from John Poelstra: whether to close after 30 or 60 days will be left to the discretion of individual triagers, while if there is in future any co-ordinated team working to resolve stale NEEDINFO issues not handled by the initial triager, they will use the 60 days method.

The next QA weekly meeting will be held on 2009-04-22 at 1600 UTC in #fedora-meeting, and the next Bugzappers weekly meeting on 2009-04-21 at 1500 UTC in #fedora-meeting.

Developments

Frozen for Fedora 11. Some Packages Still Not Built dist-f11

Jesse Keating announced[1] that henceforth all F-11/ builds would go to dist-f11-updates-candidate and builds from devel/ would go to dist-f12. He asked for concerned parties to check that builds were being properly tagged.

In response to Mike Chambers' question Jesse confirmed[2] that the nightly rawhide composes would consist of Fedora 11 content until the GOLD packages were on their way out to the mirrors at which point the nightly rawhide composes would contain Fedora 12 content.

On a related note Bill Nottingham asked[3] maintainers of a list of packages not yet rebuilt in dist-f11 (with the attendant compiler and strong RPM hashes) to fix them if possible. Jesse Keating provided[4] a slightly more aggressive list as an addendum.

Xorg Hacking Solves DontZap

Peter Hutterer made some valuable contributions to resolving the furore over the disabling of the zapping of the Xorg server via the Ctrl-Alt-Backspace key combination[1].

Tom Callaway drew attention[2] to a blog entry of Peter's which mentioned upstream patches by Julien Cristau (of Debian) to xkeyboard-config and Peter's own patch[3] to Xserver which together make it possible to disallow zapping by default and also to turn zapping on with a

'setxkbmap -option terminate:ctrl_alt_bksp'

. The net result is that it is possible to get zapping to work but the XKB[4] configuration needs to be set up properly and the DontZap option left disabled (as per the new default).

In discussion with Kevin Kofler Peter clarified[5] the situation in which the new settings would take effect. Kevin responded[6] that it appeared that for KDE users zapping with Ctrl-Alt-BkSp would remain as before.

Later Peter answered[7] some questions from Suren Karapetyan about the ability to kill broken X grabs with details about how zapping works.

The above summary of an elegant technical solution ignores the long, and at times vitriolic, complaints about this change. A common trope occurring in some recent threads seems to be that changes are made by Red Hat employees who are implementing changes without community consultation and all work to a common game plan. Seth Vidal challenged[8] the latter assumption:"In a survey of 10 RH employees you will find between 10 and 40 different opinions. sometimes more if you don't ask some of them to confine their comments to a limited amount of time." In any event it's worth noting that the resolution (which filters the "Terminate_Server" action in a manner consistent[9] with the handling of other actions in xkb rulesets) was contributed upstream by a Red Hat employee. As a point of information Kevin Fenzi also made it clear that the change had not been instigated by FESCo.

The new options presented by Peter were in addition to those already suggested[10] in the beta Release Notes.

Minesweeper Certified Solitaire Professionals Satisfied with DVD

Jesse Keating requested[1] help in selecting which packages should be dropped from the DVD image. He suggested some java development packages and games.

Feedback suggested that retaining the games was[2] preferred and dropping the development libraries made sense as the latest versions would be needed[3] and could be obtained from the repositories anyway. Jesse later posted[4] this was sufficient to achieve the desired image size.

A side-issue discussed[5] was the unwieldiness of jigdo as a download method. Callum Lerwick suggested[6] that jigdo would benefit from a userspace ISO implementation.

Presto and DeltaRPM Status

The ability to download binary diffs of RPM packages has been offered[1] for some time now on Fedora through the Presto[2] project and presto-enabled repositories. Interest is high enough in Presto's bandwidth-saving abilities that no fewer than three separate threads were started to ensure that it would function properly for Fedora 11.

Warren Togami asked[3] if Presto would be enabled by default for Fedora 11. Last month (2009-03-21) Jonathan Dieter reported[4] that the use of SHA-256 in rpm had broken deltarpm but that a patched version was available in rawhide. See FWN#166[5] for earlier coverage of the challenges and changes resulting from the introduction of stronger hashes[6].
Jonathan also reported that the changes necessary in infrastructure to build deltarpms had been done. These changes were made fairly rapidly thanks to work done[7] by Michael Schroeder, the upstream deltarpm developer. One issue that concerned[8]Axel Thimm was the security with which checksums of deltarpms were being made. Till Maas and Jonathan Dieter provided[9] reassurance that all deltarpms are generated from original rpms which needed to pass all verifications which yum and rpm enforce.

Martin Sourada was excited[10] not just about Presto but also about the slick new PackageKit in Fedora 11. Martin was concerned about the issue of PackageKit and Presto apparently not working well together. A BugZilla entry revealed[11] that PackageKit developer Richard Hughes quickly created a patch which Martin reported as working.

On 2009-04-16 Bill Nottingham added to the "Rawhide Report" that "[...] rawhide is composed with deltarpms against the prior rawhide. Due to a bug, this is only currently working on i386; it should be fixed for other arches tomorrow. Please test and report any issues."

A Fedora Test Day centering around Presto was also announced[12] by James Laska. The usual excellent wiki page[13] suggests that Presto can deliver significant bandwidth savings.

Dan worried that while "[a] confined nsplugin is a nice feature for confining plugins downloaded from the network. But if you run openoffice and evince from within nsplugin they get confined, causing the apps to not work properly." In response to Simo Sorce Dan explained that any attempt to write transition rules to enable said applications to work properly would create an easy avenue of attack. Simo wondered[4] if it would be possible to either write a security wrapper to restrict the command line, or to get application developers to honor SELinux labels in some way.

Warren Togami shared[5] that removing mozplugger was "[...] something I always do. It seems to cause more problems than it solves [...]" and James Morris expanded[6] upon this with instructions "[...] on both removing mozplugger and restoring the security protections of SELinux. Simply removing the package isn't enough[.]" James questioned "[...] how a package which breaks a security feature not only made it into the repo, but how it became enabled by default[?]"

A similar issue was raised[7] by Bruno Wolff III about the re-enabling of disabled Firefox plugins. Comments by Martin Stransky suggest this is a feature of mozilla-plugin-config.

↑Mozplugger describes itself as "[a] general purpose Mozilla plugin module that allows the user to embed and launch their favorite application to handle the various different types of media found on the Internet." http://mozplugger.mozdev.org/

Getting Rid of /usr for Fedora 12 ?

Lennart Poettering cheerfully invited[1] any inclined parties to a flamefest over the elimination of the /usr directory. Lennart suggested that recent history indicated that more files were being moved from /usr to / and that confusion between the two was a source of error from some packages.

Enthusiasm for both the flamewar and the proposal was low.

A forceful and well-argued objection was made[2][3] by Konstantin Ryabitsev on the basis that he liked to keep /boot and /usr on their own partitions and use a LUKS-encrypted LVM for everything else. Konstantin emphasized this was especially well-suited to portable machines which need to conserve power and are more likely to need encryption.

Ralf Corsepius invoked[4] the FHS[5] on /usr and the need to contain[6] non-essential packages unavailable at certain boot stages therein. Chris Adams added[7] that symlinking /usr to / had been shown to break rpm.

Lennart explained[8] how /etc could be made read-only and adduced[9] OpenSUSE, Debian and Gentoo as further evidence that a read-only root could be attained. Callum Lerwick pined[10] for the days of floppy disks.

Toshio Kuratomi completely declined to play and asked: "I'm hereby giving notice that I don't have time to read obvious flamefests anymore. Once this thread concludes, please summarize whatever the pros and cons are and send it to the packaging committee to discuss and vote on."

Translation

Fedora 11 Installation Guide Ready for Translation

Ruediger Landmann announced the availability[1] of the Fedora 11 Installation Guide for translation. Due to import of relevant content from the Red Hat Enterprise Linux Installation Guide into this Guide, the content has substantially increased. The final translation due date is 14th of May 2009 with an extension of 1 week for additional corrections. The .po files would be refreshed on April 28th 2009, to correct errors identified until that date.

Security Week

Malicious Activity Grows in 2008

2008 saw a surge in malicious code activity [1].
This is a disturbing trend, and for the underground, this is easy money. The threat will continue to grow until either the money dries up (unlikely) or the difficulty of exploiting this is greater than the potential gain. Right now it looks like the trend will continue for several years.

Who in the Linux World Would be Responsible for a Worm ?

Last week OSNews asked a rather interesting, but easily answered question:
OSNews Asks: Who'd Be Responsible for a Linux Conficker? [1]
The world of Open Source security is mostly a process that happens behind the scenes, but is quite effective. There is a wiki called OSS-Security [2] that provides a number of links to various groups. In the event of something like a worm, the vast majority of the effort would end up happening on the Vendor Security (vendor-sec[3]) mailing list. This is a group of trusted Open Source distributors that communicate in private in an effort to keep the end users of Open Source software secure. To date this group has been working out quite well, and the members are very used to solving security flaws in a cooperative manner. In the event of a widespread Linux worm, there would be many tired people, and quite a lot of vendor-sec emails.

Ambassadors

LinuxFest Northwest Starts Saturday

Fedora Project will be attending and presenting at LinuxFest Northwest this weekend in Bellingham, Wash., U.S.A. With five presentations and a booth, Fedora is proud to be a sponsor of LinuxFest Northwest this year.

Below is a list of presentations at LFNW by Fedora folks, all of which will be in room Haskell 203 on the Bellingham Technical College campus.